From 0557d2cd7eada09de622bbb78e35cf51b962fbf3 Mon Sep 17 00:00:00 2001
From: Zowie <git@zowie.cx>
Date: Sat, 25 May 2024 13:06:25 +0200
Subject: [PATCH] fix(api): expose x-ratelimit-* headers for browser-based
 applications

---
 services/api/src/middleware/cors.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/api/src/middleware/cors.rs b/services/api/src/middleware/cors.rs
index e439cd9d..cd297b22 100644
--- a/services/api/src/middleware/cors.rs
+++ b/services/api/src/middleware/cors.rs
@@ -10,6 +10,7 @@ fn add_cors_headers(headers: &mut HeaderMap) {
     headers.append("Access-Control-Allow-Methods", HeaderValue::from_static("*"));
     headers.append("Access-Control-Allow-Credentials", HeaderValue::from_static("true"));
     headers.append("Access-Control-Allow-Headers", HeaderValue::from_static("Content-Type, Authorization, sentry-trace, User-Agent"));
+    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset"));
     headers.append("Access-Control-Max-Age", HeaderValue::from_static("86400"));
 }